Versions:
OWASP CycloneDX Generator (cdxgen) 12.1.3 is a polyglot CLI tool and library maintained by the OWASP Foundation that automates the creation of machine-readable Bill of Materials documents compliant with the CycloneDX specification. Issued as the 28th public iteration since the project's inception, the utility is engineered to produce both Software Bills of Materials (SBOM) for applications, source trees, and container images, and Operations Bills of Materials (OBOM) that inventory the runtime components of Linux and Windows hosts. By scanning package manifests, lock files, and layer metadata, cdxgen distills dependency graphs, license data, and cryptographic hashes into a single JSON or XML artifact, enabling security, compliance, and procurement teams to assess supply-chain risk without manual spreadsheets. The open-source binary is designed for frictionless embedding in any CI/CD pipeline: it exits with deterministic status codes, supports containerized execution, and offers a native JavaScript API for custom orchestration. When a Dependency-Track server endpoint is supplied, the generator can automatically upload the resulting BOM for immediate vulnerability correlation and policy evaluation, closing the loop between creation and analysis. Typical use cases include pre-release attestation in secure software factories, license inventory audits for M&A due diligence, baseline creation for federal SBOM mandates, and continuous monitoring of golden production images. The tool is available for free on get.nero.com, with downloads delivered through trusted Windows package sources such as winget, always providing the latest version and enabling batch installation of multiple applications.